[jbosstools-issues] [JBoss JIRA] Commented: (JBIDE-9211) Support authentication on AS7 management operations
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Mon Jul 25 08:49:24 EDT 2011
[ https://issues.jboss.org/browse/JBIDE-9211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12616235#comment-12616235 ]
Darran Lofthouse commented on JBIDE-9211:
-----------------------------------------
Hi Andre,
I understand from Max that you are away this week so feel free to ping me when you return so we can discuss the authentication options for AS7 (Due to be expanded on for AS7.1 as well).
The reason the properties file is empty is so that we do not ship a default user that gets enabled in such a way that anyone with basic JBoss knowledge can guess the admin user.
To enable the actual security the management interface being used needs to be associated with the security realm i.e.
{code:xml}
<management-interfaces>
<native-interface interface="management" port="9999" security-realm="PropertiesMgmtSecurityRealm" />
<http-interface interface="management" port="9990" security-realm="PropertiesMgmtSecurityRealm"/>
</management-interfaces>
{code}
> Support authentication on AS7 management operations
> ---------------------------------------------------
>
> Key: JBIDE-9211
> URL: https://issues.jboss.org/browse/JBIDE-9211
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: JBossAS
> Reporter: Max Rydahl Andersen
> Assignee: Andre Dietisheim
> Priority: Blocker
> Fix For: 3.3.0.M3
>
>
> AS7 server management API can be secured we should investigate how that would affect users of JBoss tools
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list